portrait timon

Expertise

The Six Core Dimensions of Comprehensive Technical Due Diligence

By Timon11/24/2021

Digital tech startups are very attractive to investors and venture capitalists (VCs) because they usually promise high scalability and thus a high return on investment. In general, digital technologies are a central component in the business model of most startups today. To be as competitive as possible, technology-driven startups rely on web or mobile apps, Artificial Intelligence (AI) or Blockchain as part of their value proposition or along their value chain.

Anyone investing in a digital tech startup—or also in an established company—should carefully examine whether the digital technology being developed or deployed by a startup can keep up with its business ambitions and promised growth. For example, just because an app's user interface looks fancy and modern doesn't mean that the underlying technology is the right one or has been properly deployed.

To minimize the risk of bad investments and the associated losses, systematic evaluation of the technology developed or used by a startup is essential before any investment is made. Validating whether it delivers what it promises is thus a key challenge for investors and VCs.

The process of reviewing, validating and evaluating the technology developed or deployed by a company for investment purposes is described by the term Technical Due Diligence (Tech DD). The following text explains the six core dimensions of a comprehensive Technical Due Diligence review of digital tech startups and their developed and deployed technologies. The six dimensions are:

  1. Quality
  2. Scalability
  3. Security
  4. Agility
  5. Maintainability
  6. Resilience
six dimensions of technical due diligence

Quality

The quality assessment of a digital technology application or a software application can be divided into two areas: the quality of the user interfaces (UIs) and the quality of the code.

The quality of the UIs can usually be assessed by a layman without IT expertise. The following questions help to assess the UI:

  • How easy is the application to use?
  • How contemporary and modern is the UI design?
  • How does it feel to use the application?
  • What happens if I use the application incorrectly?

Code quality assessment, on the other hand, requires deep IT expertise and experience in software engineering. Questions like the following should be answered.

  • How efficient are the computing processes and algorithms? The more efficiently a computer program runs, the less processing power and memory it requires. Which leads to lower operating costs for applications running on servers and happier users for desktop applications.
  • How is error handling? Errors and bugs occur in software development as sure as day follows night. Errors can be caused, for example, by incorrect operation or special cases that have not been taken into account. A good application can handle them without total failure. Errors should also always be logged in order to fix their cause in the future.
  • Does the code meet best practices and state-of-the-art technology standards? Did the developers choose the right technology for their application problem and did they apply that technology correctly?

Scalability

Scalability is especially important for ambitious startups. If user numbers grow thanks to successful marketing and sales, but the technology cannot keep up with business growth, this leads to existential problems: Business growth is primarily slowed down. Secondarily, however, the satisfaction of existing users usually decreases as well, since app performance declines.

A startup does not have to build a software application from scratch that works for millions of users. It is much more important to have a modular and scalable architecture that can be expanded as the number of users grows without having to rebuild the application from scratch. In cloud applications, for example, we talk about horizontal scalability.

The effort required for setup and provision of a software application for a new customer is another point that should be considered with regard to scalability. For example, does the application require complex manual installations and configurations (e.g., of servers or databases), which become a bottleneck as the number of customers grows? What can possibly be automated?

Security

As a company's success grows, so does its visibility and thus the likelihood of hacker attacks. If a company loses the trust of its customers because it is unable to keep their data safe, this has a direct impact on the company's value. In the worst case, additional financial damage can occur if attackers succeed in sabotaging the company's ability to function (e.g., encryption of the database by ransomware).

Important security standards are neglected, especially in the case of startups that want to launch their product on the market as quickly as possible. The topic of security should therefore receive sufficient attention at the latest during the Tech DD. The following questions should at least be clarified:

  • Which standard is used for authentication and is this standard applied correctly (e.g. OAuth 2.0, OpenID)?
  • Are application secrets kept secure (e.g. database passwords or API keys)?
  • Does the source code not contain any information worth protecting (in the case of open source projects) or is access to it restricted?
  • How vulnerable is the software application to attacks (e.g. ransomware or DDoS attacks)?
  • What third-party solutions and libraries are used and do they potentially have security vulnerabilities?

Agility

Customer needs can and will change. Circumstances can and will change. Thus, the requirements for a software solution and/or the digital technologies used by the startup will change. The agility of a company has two dimensions in the Tech DD context: First, technical extendability and second, organizational flexibility.

To ensure technical extendability, the architecture of the software and technology solution must be modular (see also maintainability). Ideally, parts of the software application can be substituted at any time without risk of failure, or new parts can be added effortlessly. If small changes to the code cause a multitude of new bugs and errors, then technical extensibility is not or hardly guaranteed.

Organizational flexibility refers primarily to the development and innovation processes. A good measure of this is, for example, release cycles (frequency with which new functionality is released). Many startups state that they work according to Lean Startup approaches and with agile methods such as Scrum or Kanban. This enables them to react quickly to changes, at least in theory. However, in practice, you can always find startups that are rather rigid in this regard or do not effectively apply the agile development methods. Possible questions are:

  • How are new features implemented?
  • Which team roles and responsibilities are lived?
  • How is development and operations organized (DevOps)?

Maintainability

A wise developer once said "Software is like a plant.". Software grows and must be maintained, otherwise it will grow wild and weeded. How the software is written, structured and documented is crucial for its maintainability. One dimension of maintainability is technical extensibility (see agility). The longer the planned lifetime of the software and the fewer experts are available for the subject area, the more important maintainability is. The following questions help to assess the maintainability of a software solution.

  • How good is the documentation, especially of interfaces?
  • Do the interfaces comply with a certain standard?
  • Are automated tests available (unit and integration tests)?
  • Have design principles and generally established structure patterns been applied (e.g. Separation of Concerns)?
  • Are several developers able to maintain the software solution or is all the know-how with one person?

Resilience

Resilience refers to the ability of software solutions to react robustly to disruptions and problems, such as failures of individual components, and to continue to provide a functioning system for the user or to do so as quickly as possible. A resilient system theoretically never reaches the state of total failure. The characteristics of a resilient system include high resistance, robust functionality, fast recoverability of the database or of partial functions. When assessing resilience, the following questions help:

  • Are subcomponents of the software solution redundant (e.g., multiple instances/pods of individual micro services)?
  • Is the availability of the software solution automatically monitored and are faulty or crashed components automatically restarted?
  • Are backups of the database created regularly and automatically?
  • Can previous states of the application be easily restored in the event of a failure (e.g. rollback deployments)?

Conclusion

The six dimensions of technical due diligence presented (quality, scalability, security, agility, maintainability, resilience) allow the technologies developed or deployed by a digital tech startup to be examined holistically for investment purposes. The questions relevant to each dimension are outlined but not fully elaborated. However, they serve as a good starting point for a tech DD. The six dimensions can, of course, also be used to examine an established company and its digital technology, whereby the topic of legacy applications deserves additional attention.


Got plans to invest in a tech company?

We can validate for you whether the technology is promising.

Let's talk!